3937 matches found
EUVD-2026-37653
Unauthenticated Local File Inclusion in Right Way = 4.0 versions...
CVE-2026-30803
CVE-2026-30803 describes an Integer Underflow in RTI Connext Micro (Core Libraries) that allows an overread of buffers. Affected is Connext Micro versions from 4.0.0 up to, but not including, 4.3.0. The description provided does not specify a disclosed exploit, mitigation, or a confirmed fix vers...
CVE-2025-69120
Unauthenticated Local File Inclusion in Dazzle = 1.0.0 versions...
CVE-2026-39568
Unauthenticated Local File Inclusion in Mr. SEO = 2.0 versions...
CVE-2025-69131
Unauthenticated Arbitrary File Download in WordPress & WooCommerce Scraper Plugin, Import Data from Any Site = 1.0.7 versions...
EUVD-2026-37699
Unauthenticated Local File Inclusion in Kastell = 2.0 versions...
CVE-2026-40721 WordPress Element Pack Pro plugin <= 9.0.6 - Local File Inclusion vulnerability
Contributor Local File Inclusion in Element Pack Pro = 9.0.6 versions...
PT-2026-50503
Name of the Vulnerable Software and Affected Versions Connext Professional versions 7.4.0 through 7.6.x Connext Professional versions 7.0.0 through 7.3.1.2 Connext Professional versions 6.1.0 through 6.1.x Connext Professional versions 6.0.0 through 6.0.x Connext Professional versions 5.3.0 throu...
CVE-2026-39548 WordPress MagOne theme <= 9.0 - Reflected Cross Site Scripting (XSS) vulnerability
Unauthenticated Cross Site Scripting XSS in MagOne = 9.0 versions...
CVE-2025-69103 WordPress Brikk theme <= 3.0.0 - Arbitrary Content Deletion vulnerability
Subscriber Arbitrary Content Deletion in Brikk = 3.0.0 versions...
CVE-2026-42089
The CVE concerns yeoman-environment. Vulnerable versions 2.9.0 through 6.0.0 install missing local generator packages from attacker-controlled names without user confirmation, via installLocalGenerators() calling repository.install(). This can cause arbitrary package installation and code executi...
PT-2026-50105
Unauthenticated Local File Inclusion in Mr. SEO = 2.0 versions...
PT-2026-50100
Unauthenticated Cross Site Scripting XSS in MagOne = 9.0 versions...
PT-2026-50080
Subscriber Arbitrary Content Deletion in Brikk = 3.0.0 versions...
EUVD-2026-36969
Subscriber Arbitrary File Upload in WP-BusinessDirectory = 4.0.0 versions...
CVE-2026-52694
Unauthenticated Sensitive Data Exposure in Signature Add-On for WooCommerce = 2.0 versions...
CVE-2026-52697 WordPress Taskbuilder plugin <= 5.0.7 - SQL Injection vulnerability
Subscriber SQL Injection in Taskbuilder = 5.0.7 versions...
EUVD-2026-36901
Unauthenticated Sensitive Data Exposure in Signature Add-On for WooCommerce = 2.0 versions...
EUVD-2026-36807
Unauthenticated SQL Injection in wpForo Forum = 3.0.4 versions...
EUVD-2026-37002
Cursor is a code editor built for programming with AI. In versions prior to 3.0.0, the Cursor Desktop could execute workspace-defined Claude hook commands from .claude/settings.local.json without dedicated user approval. A malicious workspace or agent-created file could configure hooks that run...